Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WSL2 Is bypassing windows firewall rules, acting as a Windows Firewall Backdoor (still in 2024) #11466

Closed
1 of 2 tasks
rjadidi920 opened this issue Apr 15, 2024 · 3 comments
Closed
1 of 2 tasks

WSL2 Is bypassing windows firewall rules, acting as a Windows Firewall Backdoor (still in 2024) #11466

rjadidi920 opened this issue Apr 15, 2024 · 3 comments
Labels
needs-author-feedback

Comments

@rjadidi920
Copy link

rjadidi920 commented Apr 15, 2024
edited
Loading

Windows Version

Windows 10,11

WSL Version

2

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

No response

Distro Version

No response

Other Software

No response

Repro Steps

Add a outbound blocking rule in firewall for port 22.
Use a WSL2 linux VM. SSH to a server, it doesn't get blocked by the firewall rule.

Expected Behavior

Blocking SSH of the WSL2 VMs.

Actual Behavior

Not blocking SSH connection of WSL2 VMs.

Diagnostic Logs

Did the developers of WSL2 intend to make WSL2 act as a backdoor for Windows Firewall for enterprise networks, or was this by accident? And why is this not fixed yet?

A company says we would only allow access to certain IPs/Servers no matter the role of the employee via the Windows Firewall, Microsoft WSL2 says not on my watch! (totally not a backdoor by the way)
@rjadidi920 rjadidi920 changed the title WSL2 Is bypassing windows firewall rules (still in 2024) WSL2 Is bypassing windows firewall rules, acting as a Windows Firewall Backdoor (still in 2024) Apr 15, 2024
@github-actions GitHub Actions
Copy link

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The scipt will output the path of the log file once done.

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

@mars2nico
Copy link

Accordings to https://learn.microsoft.com/en-us/windows/wsl/wsl-config, the firewall of wsl2 supports for Windows 11 22H2 or higher only.

@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

This issue has been automatically closed since it has not had any author activity for the past 7 days. If you're still experiencing this issue please re-file it as a new issue.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-author-feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mars2nico @rjadidi920